Security Essentials Trojan


3 replies to this topic

#1 dbestrie

  • Members
  • 2 posts

Posted 15 May 2010 - 09:45 AM

Virus on my daughter's computer. Can only open browser in Safe mode. Anti-virus scans don't seem to work and updates are blocked. Pop-ups and redirection to other web sites.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Daphne at 10:09:47.58 on 15/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.2426 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Daphne\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0709&m=extensa_5630
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0709&m=extensa_5630
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
StartupFolder: c:\users\daphne\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\alluse~1\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daphne\appdata\roaming\mozilla\firefox\profiles\yypuwc5y.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72784]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43736]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-9 28552]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-7-17 1872320]
S2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-7 24576]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.2.543\SymcPCCULaunchSvc.exe [2010-5-13 103280]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.2.543\ccSvcHst.exe [2010-5-13 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-8 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2008-5-7 17968]
S4 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2009-7-14 1830856]

=============== Created Last 30 ================

2010-05-15 14:07:09 0 ----a-w- c:\users\daphne\defogger_reenable
2010-05-14 16:34:44 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-14 15:51:55 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-14 15:50:16 0 d-----w- c:\programdata\Symantec
2010-05-14 07:12:16 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-05-14 07:12:16 16 ----a-w- c:\windows\system32\asdict.dat
2010-05-14 07:12:16 0 ----a-w- c:\windows\system32\as2features.dat
2010-05-14 07:12:16 0 ----a-w- c:\windows\system32\as2clusters.dat
2010-05-13 10:58:36 0 d-----w- c:\users\daphne\appdata\roaming\Malwarebytes
2010-05-13 10:58:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 10:58:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 10:58:25 0 d-----w- c:\programdata\Malwarebytes
2010-05-13 10:58:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 04:36:02 0 d-----w- c:\users\daphne\appdata\roaming\Tific
2010-05-13 04:35:55 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-05-13 04:35:54 0 d-----w- c:\programdata\Norton
2010-05-13 04:35:54 0 d-----w- c:\program files\Norton PC Checkup
2010-05-13 04:35:50 0 d-----w- c:\programdata\NortonInstaller
2010-05-13 04:35:50 0 d-----w- c:\program files\NortonInstaller
2010-05-13 03:54:05 0 d-----w- c:\users\daphne\appdata\roaming\QuickScan
2010-05-13 03:15:47 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-05-13 01:08:48 0 ----a-w- c:\windows\system32\24464.exe
2010-05-13 00:48:47 0 ----a-w- c:\windows\system32\26962.exe
2010-05-13 00:28:47 0 ----a-w- c:\windows\system32\29358.exe
2010-05-13 00:08:47 0 ----a-w- c:\windows\system32\11478.exe
2010-05-12 23:48:47 0 ----a-w- c:\windows\system32\15724.exe
2010-05-12 23:28:47 0 ----a-w- c:\windows\system32\19169.exe
2010-05-12 23:08:46 0 ----a-w- c:\windows\system32\26500.exe
2010-05-12 18:08:01 228880312 ----a-w- c:\windows\MEMORY.DMP
2010-05-12 17:49:42 0 ----a-w- c:\windows\system32\18716.exe
2010-05-12 17:29:42 0 ----a-w- c:\windows\system32\17421.exe
2010-05-12 17:09:42 0 ----a-w- c:\windows\system32\12382.exe
2010-05-12 16:49:42 0 ----a-w- c:\windows\system32\292.exe
2010-05-12 16:29:41 0 ----a-w- c:\windows\system32\153.exe
2010-05-12 16:09:41 0 ----a-w- c:\windows\system32\3902.exe
2010-05-12 15:49:41 0 ----a-w- c:\windows\system32\14604.exe
2010-05-12 15:29:41 0 ----a-w- c:\windows\system32\32391.exe
2010-05-12 15:09:41 0 ----a-w- c:\windows\system32\5436.exe
2010-05-12 14:49:40 0 ----a-w- c:\windows\system32\4827.exe
2010-05-12 14:29:40 0 ----a-w- c:\windows\system32\11942.exe
2010-05-12 14:09:40 0 ----a-w- c:\windows\system32\2995.exe
2010-05-12 13:49:39 0 ----a-w- c:\windows\system32\491.exe
2010-05-12 13:29:39 0 ----a-w- c:\windows\system32\9961.exe
2010-05-12 13:09:39 0 ----a-w- c:\windows\system32\16827.exe
2010-05-12 12:49:39 0 ----a-w- c:\windows\system32\23281.exe
2010-05-12 12:29:38 0 ----a-w- c:\windows\system32\28145.exe
2010-05-12 12:09:38 0 ----a-w- c:\windows\system32\5705.exe
2010-05-10 01:41:22 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-10 01:40:55 0 d-----w- c:\program files\Panda Security
2010-05-08 21:47:29 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-05-06 03:13:41 0 d-----w- c:\programdata\McAfee Security Scan
2010-05-06 03:13:36 0 d-----w- c:\program files\McAfee Security Scan
2010-04-28 02:04:26 0 d-----w- c:\program files\iPod
2010-04-28 02:04:21 0 d-----w- c:\program files\iTunes
2010-04-28 02:00:52 0 d-----w- c:\program files\Bonjour
2010-04-17 20:31:00 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-17 20:31:00 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-17 20:30:39 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 20:30:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-17 20:30:38 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

==================== Find3M ====================

2010-05-13 04:22:40 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-13 03:15:35 72784 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-13 03:08:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-13 03:08:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-13 03:08:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-12 01:38:40 81984 ----a-w- c:\windows\system32\bdod.bin
2010-04-09 20:48:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-18 14:07:05 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07:05 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-03 18:58:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-23 20:05:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-12-23 20:05:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-12-23 20:05:48 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-01-25 17:28:19 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-27 00:32:07 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-15 00:01:05 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-15 00:01:05 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-15 00:01:05 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 21:05:31 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:11:48.23 ===============
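
The "Created Last 30" section of the log above shows a run of zero-byte, purely numeric `*.exe` files appearing directly in `c:\windows\system32` at a steady 20-minute cadence. The following is an added triage helper (example code written for this page; it is not part of the original post and not something DDS itself produces) that parses that section of a DDS log, flags entries matching that pattern, and measures the creation cadence. The sample input is a constructed subset of lines copied verbatim from the log above, with a few benign entries from the same log kept for contrast; the function names `parse_created_last_30`, `flag_numeric_dropper_stubs`, `creation_interval_minutes` and `triage` are this example's own.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample: a subset of the "Created Last 30" lines from the DDS log
# posted above, bracketed by the surrounding section headers as DDS prints them.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2010-05-13 10:58:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 01:08:48 0 ----a-w- c:\windows\system32\24464.exe
2010-05-13 00:48:47 0 ----a-w- c:\windows\system32\26962.exe
2010-05-13 00:28:47 0 ----a-w- c:\windows\system32\29358.exe
2010-05-13 00:08:47 0 ----a-w- c:\windows\system32\11478.exe
2010-05-12 23:48:47 0 ----a-w- c:\windows\system32\15724.exe
2010-05-12 18:08:01 228880312 ----a-w- c:\windows\MEMORY.DMP
2010-05-12 17:49:42 0 ----a-w- c:\windows\system32\18716.exe
2010-05-12 17:29:42 0 ----a-w- c:\windows\system32\17421.exe
2010-05-10 01:41:22 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

==================== Find3M ====================
"""

# One DDS file entry: "<date> <time> <size> <8 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+?)\s*$"
)
# Purely numeric executable name sitting directly in system32 (no subfolder).
NUMERIC_EXE_RE = re.compile(r"\\system32\\\d+\.exe$")


def parse_created_last_30(text):
    """Return the entries of the 'Created Last 30' section as dicts."""
    entries = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("=") and "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):
            break  # next section header (e.g. Find3M) ends the block
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            entries.append({
                "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                "size": int(size),
                "attrs": attrs,          # first flag is 'd' for directories
                "path": path.lower(),
            })
    return entries


def flag_numeric_dropper_stubs(entries):
    """Zero-byte files named only with digits, placed directly in system32."""
    return [
        e for e in entries
        if e["size"] == 0
        and not e["attrs"].startswith("d")
        and NUMERIC_EXE_RE.search(e["path"])
    ]


def creation_interval_minutes(flagged):
    """Median gap between consecutive creations; a steady value points to a
    looping or scheduled component rather than one-off user activity."""
    times = sorted(e["when"] for e in flagged)
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return median(gaps)


def triage(text):
    """Summarise the section: entry count, flagged paths, creation cadence."""
    entries = parse_created_last_30(text)
    flagged = flag_numeric_dropper_stubs(entries)
    return {
        "entries": len(entries),
        "flagged": [e["path"] for e in flagged],
        "interval_minutes": creation_interval_minutes(flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print(f"{result['entries']} entries parsed, {len(result['flagged'])} flagged")
    for p in result["flagged"]:
        print("  suspicious:", p)
    print("median creation interval (min):", result["interval_minutes"])
```

The median is used rather than the mean so that the long gap in the sample (the afternoon stretch where the log shows no entries) does not mask the otherwise regular 20-minute cadence. Run against the full log from the post, the same logic flags every numbered `.exe` in the list and nothing else.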


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 May 2010 - 12:03 PM

Hello dbestrie

Welcome to BleepingComputer
========================
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 dbestrie

  • Topic Starter
  • Members
  • 2 posts

Posted 16 May 2010 - 05:19 PM

Thanks for your help. I'm going to talk it over with my daughter and probably look to reformat.

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 May 2010 - 07:54 PM

Ok no problem.

Just let me know if you do or don't wish to clean and I will close this topic.



